VASCO protects mobile apps

123456. Azerty. Admin. Passwords like this are no obstacle, even for inexperienced hackers. But good passwords and passphrases do not provide enough protection, either. The fact is that we use the same codes too often for too many different applications. VASCO overcomes this security risk with two-factor authentication.

Cloud and mobile create a chain reaction. “Facebook, Twitter, all of them,” says Kurt Berghs, Area Sales Manager at VASCO. “We have very quickly become familiar with apps in the cloud. The trouble is that we don’t want to remember a different password for each application.” That becomes very problematic when we suddenly use a weak password chosen for private use to gain access to professional applications in the cloud as well.

Chain reaction

VASCO ensures balanced protection via two-factor authentication, where the user has to provide two elements. “In the past, you needed a digipass for this,” Kurt Berghs explains, “for instance to read in your eID or bank card, in combination with a code.” Today everything runs more and more on mobile devices. The only thing is, not everyone always has a digipass like this on them. “We now offer two-factor authentication in the form of an app, as well. As a user, you no longer have to enter any codes. Scanning a QR code can be enough.” This is a new approach that enables companies to deal with the protection of their own apps a different way. “It is no longer a matter of aiming to protect the device, but the application itself.”

Infected device, safe app

Since staff in companies have started bringing their own devices to work, it has become virtually impossible – from the employer’s point of view – to impose and enforce proper protection of these devices. “You can’t oblige your staff to go on Facebook via two-factor authentication,” says Kurt Berghs. “But you can make sure that they have to use this method to gain access to company applications.” By integrating new protection methods into the app – such as DIGIPASS technology with Runtime Application Self-Protection (RASP) – using the app via an infected smartphone does not involve any risk. “The hacker can’t use this infection to penetrate the application supplier’s network. An app like this is probably safer than the average computer these days.”

Instruction and training

Two-factor authentication is now firmly established in many large companies. A partner like Proximus integrates the VASCO technology into solutions at clients and organizes instruction and training courses on this subject, among other things. “Users are already familiar with the two-factor authentication principle via the banking sector,” Kurt Berghs goes on. “Now it is important for other industries to follow suit quickly. In the context of the new regulations on data and privacy – just think of GDPR – measures based on two-factor authentication are set to become essential in the near future.”